
Changeset 15832


Timestamp:
10/18/2010 11:44:19 AM (14 years ago)
Author:
dd32
Message:

Use $wpdb->prepare in wp_old_slug_redirect(). See #15140

File:
1 edited

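--- a/trunk/wp-includes/query.php
+++ b/trunk/wp-includes/query.php
@@ -3147,18 +3147,18 @@
         global $wpdb;
 
-        $query = "SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value='" . $wp_query->query_vars['name'] . "'";
+        $query = $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value=%s", $wp_query->query_vars['name']);
 
         // if year, monthnum, or day have been specified, make our query more precise
         // just in case there are multiple identical _wp_old_slug values
         if ( '' != $wp_query->query_vars['year'] )
-            $query .= " AND YEAR(post_date) = '{$wp_query->query_vars['year']}'";
+            $query .= $wpdb->prepare(" AND YEAR(post_date) = %d", $wp_query->query_vars['year']);
         if ( '' != $wp_query->query_vars['monthnum'] )
-            $query .= " AND MONTH(post_date) = '{$wp_query->query_vars['monthnum']}'";
+            $query .= $wpdb->prepare(" AND MONTH(post_date) = %d", $wp_query->query_vars['monthnum']);
         if ( '' != $wp_query->query_vars['day'] )
-            $query .= " AND DAYOFMONTH(post_date) = '{$wp_query->query_vars['day']}'";
+            $query .= $wpdb->prepare(" AND DAYOFMONTH(post_date) = %d", $wp_query->query_vars['day']);
 
         $id = (int) $wpdb->get_var($query);
 
-        if ( !$id )
+        if ( ! $id )
             return;
 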
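Review bot: Nothing in the new code marks `$query` as already prepared, although it is now assembled from four separately prepared fragments (new lines 3149–3158), so a later edit that passes the whole string through `$wpdb->prepare()` again would have any `%` in the substituted slug read as a placeholder. A comment above `$id = (int) $wpdb->get_var($query);` would pin that down: `// $query is built from prepared fragments; do not run it through $wpdb->prepare() again.` It is also worth stating next to line 3149 that only the `$wpdb->postmeta` and `$wpdb->posts` table names may be interpolated into the format string, with every request value going through `%s`/`%d`. The enclosing wp_old_slug_redirect() starts and ends outside this section.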